Example #1
        /// <summary>
        /// Annotates every public object descriptor listed in an object table, then descends
        /// into each descriptor's object info, optional object info and procedure names.
        /// </summary>
        /// <param name="entity">Object table to walk; a null table or a null/empty <c>Objects</c> list is ignored.</param>
        void ReadPublicObjectDescriptor(ObjectTable entity)
        {
            if (entity == null)
            {
                return;
            }

            if (entity.Objects == null || entity.Objects.Length <= 0)
            {
                return;
            }

            KernelWin.WriteLine("正在处理 {0}", typeof(PublicObjectDescriptor).Name);

            // The same table base is handed to VBStruct.Make for every descriptor.
            uint tableAddress = (uint)entity.Object + ImageBase;

            foreach (PublicObjectDescriptor descriptor in entity.Objects)
            {
                KernelWin.WriteLine("对象 {0}", descriptor.Name);

                int descriptorAddress = (int)(descriptor.Address + ImageBase);

                VBStruct.Make<PublicObjectDescriptor>(descriptor, tableAddress, true);

                // NOTE(review): descriptor.Name and descriptor.Address presumably come straight from
                // the analysed file; neither is validated here before being written to the database.
                Bytes.MakeNameAnyway((uint)descriptorAddress, descriptor.Name);

                ReadObjectInfo(descriptor.ObjectInfo2, descriptor);
                ReadOptionalObjectInfo(descriptor.OptionalObjectInfo, descriptor);
                ReadProcName(descriptor);
            }
        }
Example #2
        /// <summary>
        /// Annotates every GUI table referenced by the VB header and names each one
        /// <c>GUITable_</c> followed by its zero-based index as two hexadecimal digits.
        /// </summary>
        /// <param name="header">VB header to read from; a null header or a null/empty <c>GUITables</c> list is ignored.</param>
        void ReadGUITable(VBHeader header)
        {
            if (header == null)
            {
                return;
            }

            if (header.GUITables == null || header.GUITables.Length <= 0)
            {
                return;
            }

            KernelWin.WriteLine("正在处理界面 {0}", typeof(GUITable).Name);

            // NOTE(review): ImageBase is not added here, unlike most sibling readers —
            // confirm header.GUITable already holds a virtual address.
            uint tableAddress = (uint)header.GUITable;

            for (int index = 0; index < header.GUITables.Length; index++)
            {
                GUITable table = header.GUITables[index];

                string label = "GUITable_" + index.ToString("X2");

                KernelWin.WriteLine("界面 {0}", label);

                uint itemAddress = (uint)(table.Address + ImageBase);
                VBStruct.Make<GUITable>(table, tableAddress, true);
                Bytes.MakeNameAnyway(itemAddress, label);
            }
        }
Example #3
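        /// <summary>
        /// Annotates every external (imported) table entry of a project and names it
        /// <c>LibraryName_FunctionName</c>.
        /// </summary>
        /// <param name="entity">Project info to read from; a null value or a null/empty <c>ExternalTables</c> list is ignored.</param>
        /// <remarks>
        /// An entry whose <c>ExternalLibrary2</c> is null still gets its structure applied, but is
        /// not named; the skip is reported in the output window instead of aborting the whole pass
        /// with a <see cref="NullReferenceException"/>.
        /// </remarks>
        void ReadExternalTable(ProjectInfo entity)
        {
            if (entity == null || entity.ExternalTables == null || entity.ExternalTables.Length <= 0)
            {
                return;
            }

            KernelWin.WriteLine("正在处理 {0}", typeof(ExternalTable).Name);

            // The same table base is handed to VBStruct.Make for every entry.
            UInt32 address = (UInt32)entity.ExternalTable + ImageBase;

            foreach (ExternalTable item in entity.ExternalTables)
            {
                Int32 addr = (Int32)(item.Address + ImageBase);

                VBStruct.Make<ExternalTable>(item, address, true);

                // Other resolved "...2" references in this file are null-checked before use
                // (e.g. PrivateObject2); presumably this one is also left null when the
                // reference in the analysed file cannot be resolved, so do not dereference it blindly.
                if (item.ExternalLibrary2 == null)
                {
                    // Message text: "external library info missing, naming skipped".
                    KernelWin.WriteLine("0x{0:X} 缺少外部库信息,跳过命名", (UInt32)addr);
                    continue;
                }

                Bytes.MakeNameAnyway((UInt32)addr, String.Format("{0}_{1}", item.ExternalLibrary2.LibraryName2, item.ExternalLibrary2.LibraryFunction2));
            }
        }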
Example #4
        /// <summary>
        /// Annotates the COM registration data block and each COM registration info
        /// record attached to it, naming every record <c>Com_</c> plus its name.
        /// </summary>
        /// <param name="entity">COM registration data; null is ignored.</param>
        void ReadComRegData(ComRegData entity)
        {
            if (entity == null)
            {
                return;
            }

            KernelWin.WriteLine("正在处理COM数据 {0}", typeof(ComRegData).Name);

            uint dataAddress = (uint)entity.Address + ImageBase;

            VBStruct.Make<ComRegData>(entity, dataAddress, true);

            bool hasRegInfo = entity.RegInfo2 != null && entity.RegInfo2.Length > 0;
            if (!hasRegInfo)
            {
                return;
            }

            foreach (ComRegInfo info in entity.RegInfo2)
            {
                KernelWin.WriteLine("COM组件 {0}", info.Name);

                int infoAddress = (int)(info.Address + ImageBase);

                // The ComRegData base, not the record's own address, is passed as the structure base.
                VBStruct.Make<ComRegInfo>(info, dataAddress, true);

                Bytes.MakeNameAnyway((uint)infoAddress, "Com_" + info.Name);
            }
        }
Example #5
        /// <summary>
        /// Annotates the secondary project info structure at its address.
        /// </summary>
        /// <param name="entity">Secondary project info; null is ignored.</param>
        void ReadProjectInfo2(ProjectInfo2 entity)
        {
            if (entity != null)
            {
                KernelWin.WriteLine("正在处理 {0}", typeof(ProjectInfo2).Name);

                uint structAddress = (uint)entity.Address + ImageBase;

                VBStruct.Make<ProjectInfo2>(entity, structAddress, true);
            }
        }
Example #6
        /// <summary>
        /// Annotates each procedure-name record of a public object descriptor and names it
        /// <c>ObjectName_FriendName</c>.
        /// </summary>
        /// <param name="entity">Descriptor whose <c>ProcNames</c> are processed; a null descriptor or a null/empty list is ignored.</param>
        void ReadProcName(PublicObjectDescriptor entity)
        {
            if (entity == null)
            {
                return;
            }

            if (entity.ProcNames == null || entity.ProcNames.Length <= 0)
            {
                return;
            }

            foreach (ProcName proc in entity.ProcNames)
            {
                uint procAddress = (uint)(proc.Address + ImageBase);

                VBStruct.Make<ProcName>(proc, procAddress, true);

                string label = String.Format("{0}_{1}", entity.Name, proc.FriendName);
                Bytes.MakeNameAnyway(procAddress, label);
            }
        }
Example #7
        /// <summary>
        /// Annotates the object table, then processes its secondary project info and
        /// its public object descriptors.
        /// </summary>
        /// <param name="entity">Object table; null is ignored.</param>
        void ReadObjectTable(ObjectTable entity)
        {
            if (entity != null)
            {
                KernelWin.WriteLine("正在处理 {0}", typeof(ObjectTable).Name);

                uint tableAddress = (uint)entity.Address + ImageBase;
                VBStruct.Make<ObjectTable>(entity, tableAddress, true);

                // Children are handled after the table itself has been annotated.
                ReadProjectInfo2(entity.ProjectInfo22);
                ReadPublicObjectDescriptor(entity);
            }
        }
Example #8
        /// <summary>
        /// Annotates an object info structure as <c>Inf_</c> plus the parent name and, when
        /// present, its private object descriptor as <c>FormList_</c> plus the parent name.
        /// </summary>
        /// <param name="entity">Object info to annotate; null is ignored.</param>
        /// <param name="parent">Owning descriptor; only its <c>Name</c> is read. It is dereferenced without a null check.</param>
        void ReadObjectInfo(ObjectInfo entity, PublicObjectDescriptor parent)
        {
            if (entity == null)
            {
                return;
            }

            uint infoAddress = (uint)entity.Address + ImageBase;

            VBStruct.Make<ObjectInfo>(entity, infoAddress, true);
            Bytes.MakeNameAnyway(infoAddress, "Inf_" + parent.Name);

            if (entity.PrivateObject2 == null)
            {
                return;
            }

            uint privateAddress = (uint)entity.PrivateObject2.Address + ImageBase;
            VBStruct.Make<PrivateObjectDescriptor>(entity.PrivateObject2, privateAddress, true);
            Bytes.MakeNameAnyway(privateAddress, "FormList_" + parent.Name);
        }
Example #9
        /// <summary>
        /// Annotates the project info structure, labels the four code-related addresses it
        /// carries, and then processes the external table and the object table.
        /// </summary>
        /// <param name="entity">Project info; null is ignored.</param>
        void ReadProjectInfo(ProjectInfo entity)
        {
            if (entity != null)
            {
                KernelWin.WriteLine("正在处理工程信息 {0}", typeof(ProjectInfo).Name);

                uint infoAddress = (uint)entity.Address + ImageBase;
                VBStruct.Make<ProjectInfo>(entity, infoAddress, true);

                // These four fields are used as addresses exactly as stored (no ImageBase added).
                // NOTE(review): they presumably come from the analysed file and are not range-checked here.
                Bytes.MakeLabelAnyway((uint)entity.StartOfCode, "StartOfCode");
                Bytes.MakeLabelAnyway((uint)entity.EndOfCode, "EndOfCode");
                Bytes.MakeLabelAnyway((uint)entity.VBAExceptionHandler, "VBAExceptionHandler");
                Bytes.MakeLabelAnyway((uint)entity.NativeCode, "NativeCode");

                ReadExternalTable(entity);
                ReadObjectTable(entity.ObjectTable2);
            }
        }
Example #10
        /// <summary>
        /// Annotates every external component table entry referenced by the VB header and
        /// names it <c>Ext_</c> plus the component name.
        /// </summary>
        /// <param name="header">VB header to read from; a null header or a null/empty <c>ExternalComponentTables</c> list is ignored.</param>
        void ReadExternalComponentTable(VBHeader header)
        {
            if (header == null)
            {
                return;
            }

            if (header.ExternalComponentTables == null || header.ExternalComponentTables.Length <= 0)
            {
                return;
            }

            KernelWin.WriteLine("正在处理外部组件 {0}", typeof(ExternalComponentTable).Name);

            // NOTE(review): this table address is computed but never read below; the sibling
            // ReadGUITable passes its table address to VBStruct.Make, whereas this method
            // passes each entry's own address — confirm which is intended.
            uint tableAddress = (uint)header.ExternalComponentTable;

            foreach (ExternalComponentTable component in header.ExternalComponentTables)
            {
                KernelWin.WriteLine("外部组件 {0}", component.Name2);

                uint componentAddress = (uint)(component.Address + ImageBase);

                VBStruct.Make<ExternalComponentTable>(component, componentAddress, true);

                Bytes.MakeNameAnyway(componentAddress, "Ext_" + component.Name2);
            }
        }
Example #11
        /// <summary>
        /// Annotates the VB header held in <c>HeaderInfo</c> at the <c>Header</c> address and
        /// then processes the project info, COM registration data, GUI tables and external
        /// component tables it references.
        /// </summary>
        /// <param name="reader">Not used by the current implementation.</param>
        void ReadHeader(BinaryReader reader)
        {
            KernelWin.WriteLine("正在处理头部 {0}", typeof(VBHeader).Name);

            // The header is taken from HeaderInfo as already populated elsewhere; nothing is
            // read from the stream here.
            // NOTE(review): HeaderInfo is dereferenced below without a null check.
            VBHeader vbHeader = HeaderInfo;
            uint headerAddress = Header;

            VBStruct.Make<VBHeader>(vbHeader, headerAddress, true);

            ReadProjectInfo(vbHeader.ProjectInfo2);
            ReadComRegData(vbHeader.ComRegisterData2);
            ReadGUITable(vbHeader);
            ReadExternalComponentTable(vbHeader);
        }
Example #12
        /// <summary>
        /// Annotates an object's optional info structure, its controls and its event links,
        /// and names the jump stub and the target function behind each event link.
        /// </summary>
        /// <param name="entity">Optional object info to annotate; null is ignored.</param>
        /// <param name="parent">Owning descriptor; its <c>Name</c> and <c>ProcNames</c> are used to build names. It is dereferenced without a null check.</param>
        void ReadOptionalObjectInfo(OptionalObjectInfo entity, PublicObjectDescriptor parent)
        {
            if (entity == null)
            {
                return;
            }

            // "address" is reused for every structure annotated below.
            UInt32 address = (UInt32)entity.Address + ImageBase;

            VBStruct.Make <OptionalObjectInfo>(entity, address, true);
            Bytes.MakeNameAnyway((UInt32)address, "OptInf_" + parent.Name);

            if (entity.Controls != null && entity.Controls.Length > 0)
            {
                //address = (UInt32)entity.Address + ImageBase;

                // A single control is named after the parent only; several controls also
                // get their own Name2 appended.
                if (entity.Controls.Length == 1)
                {
                    address = (UInt32)entity.Controls[0].Address + ImageBase;
                    VBStruct.Make <VBControl>(entity.Controls[0], address, true);
                    Bytes.MakeNameAnyway((UInt32)address, "Control_" + parent.Name);
                }
                else
                {
                    foreach (VBControl item in entity.Controls)
                    {
                        address = (UInt32)item.Address + ImageBase;
                        VBStruct.Make <VBControl>(item, address, true);
                        Bytes.MakeNameAnyway((UInt32)address, "Control_" + parent.Name + "_" + item.Name2);
                    }
                }
            }

            if (entity.EventLinks != null && entity.EventLinks.Length > 0)
            {
                // 1-based position of the current event link; i - 1 indexes parent.ProcNames.
                Int32 i = 1;
                foreach (EventLink2 item in entity.EventLinks)
                {
                    address = (UInt32)item.Address + ImageBase;
                    VBStruct.Make <EventLink2>(item, address, true);

                    // Name the event-list entry: use the matching procedure's friendly name
                    // when one exists, otherwise fall back to the position as two hex digits.
                    // NOTE(review): this assumes ProcNames and EventLinks are in the same order — confirm.
                    String name = String.Empty;
                    if (parent.ProcNames != null && parent.ProcNames.Length > i - 1)
                    {
                        name = parent.Name + "_" + parent.ProcNames[i - 1].FriendName;
                    }
                    if (String.IsNullOrEmpty(name))
                    {
                        name = parent.Name + "_" + i.ToString("X2");
                    }
                    i++;
                    Bytes.MakeNameAnyway((UInt32)address, "Event_" + name);

                    // Name the jump stub and mark it as code.
                    // NOTE(review): item.Jump is used as an address exactly as stored (no ImageBase
                    // added) and is presumably taken from the analysed file; it is not range-checked
                    // here before MakeCode/Byte/Dword use it — confirm those helpers tolerate an
                    // address outside the loaded image.
                    address = (UInt32)item.Jump;
                    Bytes.MakeNameAnyway(address, "j" + name);
                    Bytes.MakeCode(address);

                    // Name the function the stub jumps to.
                    if (Bytes.Byte(address) == 0xE9)
                    {
                        // Jump instruction (opcode 0xE9): the dword after the opcode yields the
                        // function start, computed as that dword + address + 5.
                        address = Bytes.Dword(address + 1) + address + 5;

                        Function func = Function.FindByAddress(address);
                        if (func == null)
                        {
                            // No function exists at the target yet, so create one.
                            Function.Add(address, Bytes.BadAddress);
                            func = Function.FindByAddress(address);
                        }
                        else
                        {
                            // A function exists but does not start at this address, which indicates
                            // it was analysed incorrectly: end it just before the target and create
                            // a new function starting at the target.
                            if (func.Start != address)
                            {
                                //Function.Delete(func.Start);
                                //Function.Add(func.Start, address - 1);
                                func.End = address - 1;

                                Function.Add(address, Bytes.BadAddress);
                                func = Function.FindByAddress(address);
                            }
                        }

                        if (func == null)
                        {
                            // Function creation failed; report the address and leave it unlabelled.
                            KernelWin.WriteLine("0x{0:X} 创建函数失败!", address);
                        }
                        else
                        {
                            Bytes.MakeLabelAnyway(address, name);
                        }
                    }
                }
            }
        }
Example #13
        /// <summary>
        /// Creates the structure for an entity, applies it at the entity's address and marks
        /// the targets of the entity's string-typed reference members as C strings.
        /// </summary>
        /// <typeparam name="TEntity">Entity type describing the structure.</typeparam>
        /// <param name="entity">Entity holding the structure data.</param>
        /// <param name="address">Structure base address; reference-type members may need it as the base for relative addresses.</param>
        /// <param name="canPostfix">Whether a postfix may be used when the name already exists.</param>
        /// <returns>The created structure; a failed creation throws instead of returning null.</returns>
        /// <exception cref="Exception">Structure creation failed, or a string member is declared as <c>RefKinds.Absolute</c>.</exception>
        public static Struct Make<TEntity>(TEntity entity, UInt32 address, Boolean canPostfix) where TEntity : EntityBase<TEntity>, new()
        {
            int entityAddress = (int)(entity.Address + entity.Info.ImageBase);

            Struct created = VBStruct.Create<TEntity>(entity, address, canPostfix);
            if (created == null)
            {
                throw new Exception(String.Format("为类型{0}创建结构体失败!", typeof(TEntity)));
            }

            Bytes.MakeNameAnyway((uint)entityAddress, typeof(TEntity).Name);
            MakeStruct<TEntity>(entityAddress, created);

            // Handle the string members of the structure.
            foreach (DataFieldItem field in DataFieldItem.GetFields(typeof(TEntity)).Values)
            {
                if (field.Attribute.RefType != typeof(String))
                {
                    continue;
                }

                // Take the stored value as an address first.
                // NOTE(review): the value presumably comes from the analysed file; Convert.ToInt32
                // throws OverflowException for an unsigned value above Int32.MaxValue, which would
                // abort the pass — confirm that is acceptable for addresses of 0x80000000 and up.
                int raw = Convert.ToInt32(field.Property.GetValue(entity, null));
                if (raw <= 0)
                {
                    continue;
                }

                uint stringAddress = (uint)raw;
                RefKinds kind = field.Attribute.RefKind;

                if (kind == RefKinds.Relative)
                {
                    // Relative: add the entity's own address.
                    stringAddress += (uint)entity.Address;
                }
                else if (kind == RefKinds.Auto)
                {
                    // Below the image base, so it may be a relative address.
                    if (stringAddress < entity.Info.ImageBase && stringAddress > 0)
                    {
                        stringAddress += (uint)entity.Address;
                    }
                }
                else if (kind == RefKinds.Absolute)
                {
                    throw new Exception("不支持的类型:" + kind);
                }
                // RefKinds.Virtual and any other value: the address is used unchanged.

                if (stringAddress == 0)
                {
                    continue;
                }

                // Mark the target as a string.
                Bytes.MakeAscii(stringAddress, (int)Bytes.BadAddress, StringType.C);
            }

            return created;
        }