Pcode粗略分析(1)
VB-Pcode反编译文件的粗略分析,高手莫笑话!分析1:
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z
End Sub
:00401874F47B LitI2_Byte ;Push 7B //123入栈
:00401876707AFF FStI2 ;Pop WORD //弹出0086操作数
//整形占2个字节
{x=123}
:00401879F34101 LitI2 ;Push 0141 //321入栈
:0040187C7078FF FStI2 ;Pop WORD //弹出0088操作数
//正好是0086+2,说明内存写时是连续的
{y=321}
:0040187F6B7AFF FLdI2 ;Push WORD //f?load?i2应该是integer
:004018826B78FF FLdI2 ;Push WORD //继续第二个参数入栈
:00401885A9 AddI2 ; //整数相加,保存在0088+2
{z = x + y}
:004018867076FF FStI2 ;Pop WORD //SUM出栈待用
================ //MsgBox原形
MsgBox(prompt[, buttons] [, title] [, helpfile, context])
================
:004018892704FF LitVar ;PushVar LOCAL_00FC //未负值参数,context
:0040188C2724FF LitVar ;PushVar LOCAL_00DC //未负值参数,helpfile
:0040188F2744FF LitVar ;PushVar LOCAL_00BC //未负值参数,title
:00401892F500000000 LitI4 ;Push 00000000 //buttons 缺省值为 0
:004018970476FF FLdRfVar ;Push LOCAL_008A //prompt,作为显示在对话框中的消息.
:0040189A4D64FF0240 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox
|
:0040189F0A00001400 ImpAdCallFPR4 ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox
{MsgBox z}
:004018A436060044FF24FF04 FFreeVar ;Free 0006/2 variants //释放变量
:004018AD13 ExitProcHresult ; //退出程序
分析2:
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MsgBox z, vbOKOnly, "pcode"
End Sub
:00401888F47B LitI2_Byte ;Push 7B //123入栈
:0040188A707AFF FStI2 ;Pop WORD //弹出0086操作数
{x=123}
:0040188DF34101 LitI2 ;Push 0141 //321入栈
:004018907078FF FStI2 ;Pop WORD //弹出0088操作数
{y=321}
:004018936B7AFF FLdI2 ;Push WORD //ADD第一个参数入栈
:004018966B78FF FLdI2 ;Push WORD //ADD第二个参数入栈
:00401899A9 AddI2 ; //ADD
{z = x + y}
:0040189A7076FF FStI2 ;Pop WORD //SUM出栈待用
:0040189D2704FF LitVar ;PushVar LOCAL_00FC //未负值参数,context
:004018A02724FF LitVar ;PushVar LOCAL_00DC //未负值参数,helpfile
******Possible String Ref To->"pcode"
|
:004018A33A54FF0000 LitVarStr ;PushVarString ptr_004013C8 //"pcode"入栈
:004018A84E44FF FStVarCopyObj ;=vbaVarDup(Pop) //地址负值
:004018AB0444FF FLdRfVar ;Push LOCAL_00BC //title果然被负值,看来分析并没有错误
:004018AEF500000000 LitI4 ;Push 00000000 //buttons 缺省值为 0
:004018B30476FF FLdRfVar ;Push LOCAL_008A //prompt,SUM
:004018B64D64FF0240 CVarRef ;
**********Reference To->msvbvm60.rtcMsgBox
|
:004018BB0A01001400 ImpAdCallFPR4 ;Call ptr_00401020; check stack 0014; Push EAX //调用MsgBox
{MsgBox z, vbOKOnly, "pcode"}
:004018C036060044FF24FF04 FFreeVar ;Free 0006/2 variants //释放变量
:004018C913 ExitProcHresult ; //退出程序
:004018CA0000 LargeBos ;IDE beginning of line with 00 byte codes
分析3:
Private Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String,
ByVal wType As Long) As Long
Const MB_OK = &H0&
Private Sub Command1_Click()
Dim x As Integer, y As Integer, z As Integer
x = 123
y = 321
z = x + y
MessageBox Me.hwnd, "sum=" & z, "pcode", MB_OK
End Sub
:004018FCF47B LitI2_Byte ;Push 7B //123入栈
:004018FE707AFF FStI2 ;Pop WORD //弹出0086操作数
{x = 123}
:00401901F34101 LitI2 ;Push 0141 //321入栈
:004019047078FF FStI2 ;Pop WORD //弹出0088操作数
{x = 123}
:004019076B7AFF FLdI2 ;Push WORD //ADD第一个参数入栈
:0040190A6B78FF FLdI2 ;Push WORD //ADD第二个参数入栈
:0040190DA9 AddI2 ; /ADD
{z = x + y}
:0040190E7076FF FStI2 ;Pop WORD //SUM出栈待用
:004019110470FF FLdRfVar ;Push LOCAL_0090 //将地址入栈,记录地址
:00401914080800 FLdPr ;=
:004019170D58000000 VCallHresult ;Call ptr_004014CC //这里应该是调用Me.hwnd,保存在0090
==================//MsgBox原形
int MessageBox(
HWND hWnd, // handle of owner window
LPCTSTR lpText, // address of text in message box
LPCTSTR lpCaption, // address of title of message box
UINT uType // style of message box
);
==================//下面是参数入栈
:0040191CF500000000 LitI4 ;Push 00000000 //uType,参数一
******Possible String Ref To->"pcode"
|
:004019211B0100 LitStr ;Push ptr_00401624 //装入"pcode"字符
:004019240460FF FLdRfVar ;Push LOCAL_00A0
:0040192734 CStr2Ansi ;vbaStrToAnsi //把Unicode形式转换为Ansi
:004019286C60FF ILdRf ;Push DWORD //lpCaption,参数二
******Possible String Ref To->"sum="
|
:0040192B1B0200 LitStr ;Push ptr_00401614 //装入"sum="字符
:0040192E6B76FF FLdI2 ;Push WORD //参数SUM入栈
:00401931FBFD CStrUI1 ;vbaStrI2 //将整数转换为字符型,保存在0094
:00401933236CFF FStStrNoPop ;SysFreeString ; =
:004019362A ConcatStr ;vbaStrCat //连接字符,保存在0098
:004019372368FF FStStrNoPop ;SysFreeString ; =
:0040193A0464FF FLdRfVar ;Push LOCAL_009C //将地址入栈,记录地址
:0040193D34 CStr2Ansi ;vbaStrToAnsi //把Unicode形式转换为Ansi
:0040193E6C64FF ILdRf ;Push DWORD //lpText,参数三
:004019416C70FF ILdRf ;Push DWORD //hWnd,参数四
***********Reference To:user32.MessageBoxA
|
:004019440A03001000 ImpAdCallFPR4 ;Call ptr_004015E8; check stack 0010; Push EAX //调用MessageBox
:004019493C SetLastSystemError ;Kernel GetLastError //针对调用MessageBox函数,取得扩展错误信息
:0040194A3208006CFF68FF64 FFreeStr ;Do SysFreeString ; =0 0008/2 times ~ arg
:0040195513 ExitProcHresult ;
:004019560000 LargeBos ;IDE beginning of line with 00 byte codes
Moodsky
2005.02.01 看了,但是看不懂 学习学习,谢谢 强烈建议老大做录像◎ 很好的教材,就是要有视频更好了 我已经下载 我已经下载 教材很好, 太好,我谢谢 太好,我谢谢
页:
[1]
2