标题:今天看了一下反汇编,反编译
只看楼主
风吹过b
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
等 级:贵宾
威 望:364
帖 子:4912
专家分:29900
注 册:2008-10-15
结帖率:100%
已结贴  问题点数:1 回复次数:6 
今天看了一下反汇编,反编译
无语中。。。。

编译方式:本机代码。源代码是 24点那个程序。

源码:
程序代码:
Private Sub Text1_KeyDown(KeyCode As Integer, Shift As Integer)
'全选和复制
If Shift = 2 Then                   '经测试,Ctrl =2
    If KeyCode = vbKeyA Then
        Text1.SelStart = 0
        Text1.SelLength = Len(Text1.Text)
    ElseIf KeyCode = vbKeyC Then
        Clipboard.Clear
        Clipboard.SetText Text1.Text
    Else
        KeyCode = 0
    End If
End If
End Sub

反编译后
程序代码:
Private Sub Text1_KeyDown(KeyCode As Integer, Shift As Integer) '402C00
  Dim var_1C As Variant
  Dim var_20 As TextBox
  loc_00402C55: If Shift <> 2 Then GoTo loc_00402E97
  loc_00402C65: If ecx <> 65 Then GoTo loc_00402D47
  loc_00402C88: Text1.SelStart = 0
  loc_00402CDA: var_18 = Text1.Text
  loc_00402D06: Text1.SelLength = Len(var_18)
  loc_00402D42: GoTo loc_00402E97
  loc_00402D47: 'Referenced from: 00402C65
  loc_00402D4B: If Len(var_18) <> 67 Then GoTo loc_00402E94
  loc_00402D76: var_1C = Global.Clipboard
  loc_00402DA0: var_eax = Global.Clear
  loc_00402DE3: var_20 = Global.Clipboard
  loc_00402E1C: var_18 = Text1.Text
  loc_00402E5C: var_18 = Text1.ForeColor
  loc_00402E92: GoTo loc_00402E97
  loc_00402E94: 'Referenced from: 00402D4B
  loc_00402E97: 'Referenced from: 00402C55
  loc_00402E9F: GoTo loc_00402EBE
  loc_00402EBD: Exit Sub
  loc_00402EBE: 'Referenced from: 00402E9F
End Sub

经检查,
1、临时变量类型有误
2、操作剪切板语句有误。

对应的反汇编是:表示完全看不懂
程序代码:
loc_00402C55: jnz 00402E97h
  loc_00402C5B: mov ecx, arg_C
  loc_00402C5E: mov ax, [ecx]
  loc_00402C61: cmp ax, 0041h
  loc_00402C65: jnz 00402D47h
  loc_00402C6B: mov eax, [esi]
  loc_00402C6D: push esi
  loc_00402C6E: call [eax+00000304h]
  loc_00402C74: mov ebx, [0040103Ch] ; Set %StkVar1 = %StkVar2 'Ignore this
  loc_00402C7A: lea ecx, var_1C
  loc_00402C7D: push eax
  loc_00402C7E: push ecx
  loc_00402C7F: call ebx
  loc_00402C81: mov edi, eax
  loc_00402C83: push 00000000h
  loc_00402C85: push edi
  loc_00402C86: mov edx, [edi]
  loc_00402C88: call [edx+00000114h]
  loc_00402C8E: test eax, eax
  loc_00402C90: fnclex
  loc_00402C92: jge 00402CA6h
  loc_00402C94: push 00000114h
  loc_00402C99: push 00401ED0h
  loc_00402C9E: push edi
  loc_00402C9F: push eax
  loc_00402CA0: call [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402CA6: lea ecx, var_1C
  loc_00402CA9: call [004010E8h] ; %ecx = ""
  loc_00402CAF: mov eax, [esi]
  loc_00402CB1: push esi
  loc_00402CB2: call [eax+00000304h]
  loc_00402CB8: lea ecx, var_20
  loc_00402CBB: push eax
  loc_00402CBC: push ecx
  loc_00402CBD: call ebx
  loc_00402CBF: mov edx, [esi]
  loc_00402CC1: push esi
  loc_00402CC2: mov edi, eax
  loc_00402CC4: call [edx+00000304h]
  loc_00402CCA: push eax
  loc_00402CCB: lea eax, var_1C
  loc_00402CCE: push eax
  loc_00402CCF: call ebx
  loc_00402CD1: mov esi, eax
  loc_00402CD3: lea edx, var_18
  loc_00402CD6: push edx
  loc_00402CD7: push esi
  loc_00402CD8: mov ecx, [esi]
  loc_00402CDA: call [ecx+000000A0h]
  loc_00402CE0: test eax, eax
  loc_00402CE2: fnclex
  loc_00402CE4: jge 00402CF8h
  loc_00402CE6: push 000000A0h
  loc_00402CEB: push 00401ED0h
  loc_00402CF0: push esi
  loc_00402CF1: push eax
  loc_00402CF2: call [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402CF8: mov eax, var_18
  loc_00402CFB: mov esi, [edi]
  loc_00402CFD: push eax
  loc_00402CFE: call [00401010h] ; @Len(%StkVar1)
  loc_00402D04: push eax
  loc_00402D05: push edi
  loc_00402D06: call [esi+0000011Ch]
  loc_00402D0C: test eax, eax
  loc_00402D0E: fnclex
  loc_00402D10: jge 00402D24h
  loc_00402D12: push 0000011Ch
  loc_00402D17: push 00401ED0h
  loc_00402D1C: push edi
  loc_00402D1D: push eax
  loc_00402D1E: call [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402D24: lea ecx, var_18
  loc_00402D27: call [004010ECh] ; %ecx = ""
  loc_00402D2D: lea ecx, var_20
  loc_00402D30: lea edx, var_1C
  loc_00402D33: push ecx
  loc_00402D34: push edx
  loc_00402D35: push 00000002h
  loc_00402D37: call [0040101Ch] ; %v = ""
  loc_00402D3D: add esp, 0000000Ch
  loc_00402D40: xor ebx, ebx
  loc_00402D42: jmp 00402E97h
  loc_00402D47: cmp ax, 0043h
  loc_00402D4B: jnz 00402E94h
  loc_00402D51: cmp [00405338h], ebx
  loc_00402D57: jnz 00402D69h
  loc_00402D59: push 00405338h ; vbNullString
  loc_00402D5E: push 00401F98h
  loc_00402D63: call [004010A8h] ; CreateObject(%StkVar1, %StkVar2)
  loc_00402D69: mov edi, [00405338h]
  loc_00402D6F: lea ecx, var_1C
  loc_00402D72: push ecx
  loc_00402D73: push edi
  loc_00402D74: mov eax, [edi]
  loc_00402D76: call [eax+0000001Ch]
  loc_00402D79: cmp eax, ebx
  loc_00402D7B: fnclex
  loc_00402D7D: jge 00402D92h
  loc_00402D7F: mov ebx, [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402D85: push 0000001Ch
  loc_00402D87: push 00401F88h
  loc_00402D8C: push edi
  loc_00402D8D: push eax
  loc_00402D8E: call ebx
  loc_00402D90: jmp 00402D98h
  loc_00402D92: mov ebx, [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402D98: mov eax, var_1C
  loc_00402D9B: push eax
  loc_00402D9C: mov edi, eax
  loc_00402D9E: mov edx, [eax]
  loc_00402DA0: call [edx+00000050h]
  loc_00402DA3: test eax, eax
  loc_00402DA5: fnclex
  loc_00402DA7: jge 00402DB4h
  loc_00402DA9: push 00000050h
  loc_00402DAB: push 00401FA8h
  loc_00402DB0: push edi
  loc_00402DB1: push eax
  loc_00402DB2: call ebx
  loc_00402DB4: lea ecx, var_1C
  loc_00402DB7: call [004010E8h] ; %ecx = ""
  loc_00402DBD: mov eax, [00405338h]
  loc_00402DC2: test eax, eax
  loc_00402DC4: jnz 00402DD6h
  loc_00402DC6: push 00405338h ; vbNullString
  loc_00402DCB: push 00401F98h
  loc_00402DD0: call [004010A8h] ; CreateObject(%StkVar1, %StkVar2)
  loc_00402DD6: mov edi, [00405338h]
  loc_00402DDC: lea ecx, var_20
  loc_00402DDF: push ecx
  loc_00402DE0: push edi
  loc_00402DE1: mov eax, [edi]
  loc_00402DE3: call [eax+0000001Ch]
  loc_00402DE6: test eax, eax
  loc_00402DE8: fnclex
  loc_00402DEA: jge 00402DF7h
  loc_00402DEC: push 0000001Ch
  loc_00402DEE: push 00401F88h
  loc_00402DF3: push edi
  loc_00402DF4: push eax
  loc_00402DF5: call ebx
  loc_00402DF7: mov edx, [esi]
  loc_00402DF9: mov edi, var_20
  loc_00402DFC: push esi
  loc_00402DFD: mov ebx, 80020004h
  loc_00402E02: call [edx+00000304h]
  loc_00402E08: push eax
  loc_00402E09: lea eax, var_1C
  loc_00402E0C: push eax
  loc_00402E0D: call [0040103Ch] ; Set %StkVar1 = %StkVar2 'Ignore this
  loc_00402E13: mov esi, eax
  loc_00402E15: lea edx, var_18
  loc_00402E18: push edx
  loc_00402E19: push esi
  loc_00402E1A: mov ecx, [esi]
  loc_00402E1C: call [ecx+000000A0h]
  loc_00402E22: test eax, eax
  loc_00402E24: fnclex
  loc_00402E26: jge 00402E3Ah
  loc_00402E28: push 000000A0h
  loc_00402E2D: push 00401ED0h
  loc_00402E32: push esi
  loc_00402E33: push eax
  loc_00402E34: call [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402E3A: sub esp, 00000010h
  loc_00402E3D: mov eax, 0000000Ah
  loc_00402E42: mov edx, esp
  loc_00402E44: mov ecx, [edi]
  loc_00402E46: mov [edx], eax
  loc_00402E48: mov eax, var_2C
  loc_00402E4B: mov [edx+00000004h], eax
  loc_00402E4E: mov eax, var_24
  loc_00402E51: mov [edx+00000008h], ebx
  loc_00402E54: mov [edx+0000000Ch], eax
  loc_00402E57: mov edx, var_18
  loc_00402E5A: push edx
  loc_00402E5B: push edi
  loc_00402E5C: call [ecx+00000060h]
  loc_00402E5F: test eax, eax
  loc_00402E61: fnclex
  loc_00402E63: jge 00402E74h
  loc_00402E65: push 00000060h
  loc_00402E67: push 00401FA8h
  loc_00402E6C: push edi
  loc_00402E6D: push eax
  loc_00402E6E: call [0040102Ch] ; %StkVar1 = CheckObj(%StkVar2, %StkVar3, %StkVar4)
  loc_00402E74: lea ecx, var_18
  loc_00402E77: call [004010ECh] ; %ecx = ""
  loc_00402E7D: lea eax, var_20
  loc_00402E80: lea ecx, var_1C
  loc_00402E83: push eax
  loc_00402E84: push ecx
  loc_00402E85: push 00000002h
  loc_00402E87: call [0040101Ch] ; %v = ""
  loc_00402E8D: add esp, 0000000Ch
  loc_00402E90: xor ebx, ebx
  loc_00402E92: jmp 00402E97h
  loc_00402E94: mov [ecx], bx
  loc_00402E97: mov var_4, ebx
  loc_00402E9A: push 00402EBFh
  loc_00402E9F: jmp 00402EBEh
  loc_00402EA1: lea ecx, var_18
  loc_00402EA4: call [004010ECh] ; %ecx = ""
  loc_00402EAA: lea edx, var_20
  loc_00402EAD: lea eax, var_1C
  loc_00402EB0: push edx
  loc_00402EB1: push eax
  loc_00402EB2: push 00000002h
  loc_00402EB4: call [0040101Ch] ; %v = ""
  loc_00402EBA: add esp, 0000000Ch
  loc_00402EBD: ret
搜索更多相关主题的帖子: 源代码 color 
2015-07-17 22:29
风吹过b
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
等 级:贵宾
威 望:364
帖 子:4912
专家分:29900
注 册:2008-10-15
得分:0 
首先,反编译后,没有 FOR 循环,只有
if    goto

程序代码:
For i = 1 To 4
    If r1(i).v > 0 Then
        For j = 1 To 4
            If r2(j).v >= 0 Then
                Call operation(r1(i), r2(j), r3)
                For m = 1 To 4
                    If r3(m).v = 24 Then
                        s = s & r3(m).s & " = 24" & vbCrLf
                    End If
                Next m
            End If
        Next j
    End If
Next i


反编译后是:
程序代码:
  loc_004030AB:                                            'for 开始
  loc_004030B5: If var_18 > 4 Then GoTo loc_00403219             '>4,则跳最后,循环结束
  loc_004030BE: If var_18 < 5 Then GoTo loc_004030C6             '<5,则跳循环体
  loc_004030C0: var_eax = Err.Raise                              '这句应该永远执行不到
  loc_004030C6: 'Referenced from: 004030BE
  loc_004030CF: If ecx+ebx*8+00000004h <= 0 Then GoTo loc_00403201       'ebx是应该是数组下标,*8 是结构体占用内存=8, 04h 是结构体第二个变量地址
  loc_004030DD: 
  loc_004030E4: If 00000001h > 4 Then GoTo loc_00403201
  loc_004030ED: If 00000001h < 5 Then GoTo loc_004030F5
  loc_004030EF: var_eax = Err.Raise
  loc_004030F5: 'Referenced from: 004030ED
  loc_004030FE: If edx+ebx*8+00000004h < 0 Then GoTo loc_004031E7
  loc_0040310C: var_A8 = var_74
  loc_00403117: If var_38 < 5 Then GoTo loc_0040311F
  loc_00403119: var_eax = Err.Raise
  loc_0040311F: 'Referenced from: 00403117
  loc_00403122: If var_18 < 5 Then GoTo loc_0040312A
  loc_00403124: var_eax = Err.Raise
  loc_0040312A: 'Referenced from: 00403122
  loc_00403145: var_eax = call Proc_1_1_4039C0(eax+edx*8, eax+edx*8, var_A8)        '这里有误,应该是把数组名去掉了,看后面
  loc_0040314F: 
  loc_00403156: If 00000001h > 4 Then GoTo loc_004031E7
  loc_0040315F: If 00000001h < 5 Then GoTo loc_00403167
  loc_00403161: var_eax = Err.Raise
  loc_00403167: 'Referenced from: 0040315F
  loc_0040316F: If edx+ebx*8+00000004h <> 24 Then GoTo loc_004031D3          '这里还是有误,把变量名变反编译没了.  loc_00403167: mov edx, var_68   
  loc_00403174: If 00000001h < 5 Then GoTo loc_0040317C
  loc_00403176: var_eax = Err.Raise
  loc_0040317C: 'Referenced from: 00403174
  loc_004031B8: var_98 = var_98 & ecx+ebx*8 & " = 24" & "vbCrLf"
  loc_004031D3: 'Referenced from: 0040316F
  loc_004031D8: 00000001h = 00000001h + 00000001h
  loc_004031E2: GoTo loc_0040314F
  loc_004031E7: 'Referenced from: 004030FE
  loc_004031EF: 00000001h = 00000001h + var_38
  loc_004031FC: GoTo loc_004030DD
  loc_00403201: 'Referenced from: 004030CF
  loc_00403209: 00000001h = 00000001h + var_18
  loc_00403214: GoTo loc_004030AB
  loc_00403219: 'Referenced from: 004030B5


程序代码:
  loc_0040312A: mov edx, var_38              '数组下标
  loc_0040312D: mov eax, var_44              '数组地址
  loc_00403130: lea ecx, var_A8              '第三个参数地址
  loc_00403136: push ecx                     '第三个参数,按地址传递,把地址压栈
  loc_00403137: lea ecx, [eax+edx*8]         '地址 ,把地址装到 ecx 中,eax 是var_44,反编译中看不出,只能在反汇编中看到
  loc_0040313A: mov edx, var_18              '数组下标
  loc_0040313D: mov eax, var_24              '数组地址
  loc_00403140: push ecx                     'ecx 是 lea ecx, [eax+edx*8] 装了第二个参数的地址,现在才压栈,晕
  loc_00403141: lea ecx, [eax+edx*8]         '地址,第一个参数
  loc_00403144: push ecx                     '这次是直接压栈了
  loc_00403145: call 004039C0h               '调用函数


郁闷啊,这还是有 源代码的情况下,对着源码,反编译代码,反汇编代码看着都看得在吐血了。
反编译代码是软件在 反汇编代码的基础上猜的,有错误那也是没办法的。

再也不想看了。还是劝论坛前面那位朋友,老老实实想办法重启程序得了,不要想到去修改了,看这些代码,会死人了。

授人于鱼,不如授人于渔
早已停用QQ了
2015-07-17 22:57
风吹过b
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
等 级:贵宾
威 望:364
帖 子:4912
专家分:29900
注 册:2008-10-15
得分:0 
这个循环 P代码模式编译后,反编译后的代码:
程序代码:
  loc_4027B3: For var_11C = 1 To 4: var_100 = var_11C 'Long
  loc_4027C9:   If (var_A0(var_100).global_4 > 0) Then
  loc_4027D9:     For var_124 = 1 To 4: var_104 = var_124 'Long
  loc_4027EF:       If (var_BC(var_104).global_4 >= 0) Then
  loc_402806:         Proc_1_1_402378(var_A0(var_100), var_BC(var_104), var_D8, 1)
  loc_402818:         For var_12C = 1 To 4: var_108 = var_12C 'Long
  loc_40282E:           If (var_D8(var_108).global_4 = &H18) Then
  loc_40284D:             var_10C = var_10C & var_D8(var_108).global_0 & " = 24" & vbCrLf
  loc_402857:           End If
  loc_40285A:         Next var_12C 'Long
  loc_40285F:       End If
  loc_402862:     Next var_124 'Long
  loc_402867:   End If
  loc_40286A: Next var_11C 'Long


除下变量名外,偶尔函数的参数分析错误后,与源代码没找到什么区别。
警告:P代码模式是绝对不安全,编译时,无论如何不要使用 P代码 模式。

授人于鱼,不如授人于渔
早已停用QQ了
2015-07-17 23:08
风吹过b
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
等 级:贵宾
威 望:364
帖 子:4912
专家分:29900
注 册:2008-10-15
得分:0 
对着标准反汇编,
var_18      ebp-18h

ebp  理解为堆栈的基地址。

授人于鱼,不如授人于渔
早已停用QQ了
2015-07-17 23:16
HVB6
Rank: 7Rank: 7Rank: 7
等 级:贵宾
威 望:15
帖 子:320
专家分:561
注 册:2013-10-30
得分:1 
回复 4楼 风吹过b
原以为反编译出来的代码,全是01的,如1,64位机,则为0000000000000000000000000000000000000000000000000000000000000001.
2015-07-19 14:59
风吹过b
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
等 级:贵宾
威 望:364
帖 子:4912
专家分:29900
注 册:2008-10-15
得分:0 
什么有 十六进制,就是因为 写成  0000000000000000000000000000000000000000000000000000000000000001 难写,所以才有十六进制。
64位,也就是8个字节,写成
00 00 00 00 00 00 00 01h

授人于鱼,不如授人于渔
早已停用QQ了
2015-07-19 21:20
lianyicq
Rank: 12Rank: 12Rank: 12
等 级:贵宾
威 望:26
帖 子:735
专家分:3478
注 册:2013-1-26
得分:0 
风版真有心

大开眼界
2015-07-20 08:45



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-455498-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.927222 second(s), 7 queries.
Copyright©2004-2025, BCCN.NET, All Rights Reserved