void ReadExternalTable(ProjectInfo entity)
{
if (entity == null || entity.ExternalTables == null || entity.ExternalTables.Length <= 0)
{
return;
}
KernelWin.WriteLine("正在处理 {0}", typeof(ExternalTable).Name);
UInt32 address = (UInt32)entity.ExternalTable + ImageBase;
foreach (ExternalTable item in entity.ExternalTables)
{
Int32 addr = (Int32)(item.Address + ImageBase);
VBStruct.Make <ExternalTable>(item, address, true);
Bytes.MakeNameAnyway((UInt32)addr, String.Format("{0}_{1}", item.ExternalLibrary2.LibraryName2, item.ExternalLibrary2.LibraryFunction2));
}
//for (int i = 1; i < entity.ExternalTables.Length; i++)
//{
// Int32 addr = (Int32)(entity.ExternalTables[i].Address + ImageBase);
// VBStruct.Make<ExternalTable>(entity.ExternalTables[i], address, true);
// Bytes.MakeNameAnyway((UInt32)addr, "GUITable_" + entity.ExternalTables[i].ExternalLibrary2.LibraryName2);
//}
}
void ReadPublicObjectDescriptor(ObjectTable entity)
{
if (entity == null || entity.Objects == null || entity.Objects.Length <= 0)
{
return;
}
KernelWin.WriteLine("正在处理 {0}", typeof(PublicObjectDescriptor).Name);
UInt32 address = (UInt32)entity.Object + ImageBase;
foreach (PublicObjectDescriptor item in entity.Objects)
{
KernelWin.WriteLine("对象 {0}", item.Name);
Int32 addr = (Int32)(item.Address + ImageBase);
VBStruct.Make <PublicObjectDescriptor>(item, address, true);
Bytes.MakeNameAnyway((UInt32)addr, item.Name);
//ReadPublicObjectDescriptor(item);
ReadObjectInfo(item.ObjectInfo2, item);
ReadOptionalObjectInfo(item.OptionalObjectInfo, item);
ReadProcName(item);
}
}
void ReadGUITable(VBHeader header)
{
if (header == null || header.GUITables == null || header.GUITables.Length <= 0)
{
return;
}
KernelWin.WriteLine("正在处理界面 {0}", typeof(GUITable).Name);
UInt32 address = (UInt32)header.GUITable;
for (int i = 0; i < header.GUITables.Length; i++)
{
GUITable item = header.GUITables[i];
String name = "GUITable_" + i.ToString("X2");
//if(item.FormPointer2!=null&&item.FormPointer2.
KernelWin.WriteLine("界面 {0}", name);
UInt32 addr = (UInt32)(item.Address + ImageBase);
VBStruct.Make <GUITable>(item, address, true);
Bytes.MakeNameAnyway(addr, name);
}
}
void ReadComRegData(ComRegData entity)
{
if (entity == null)
{
return;
}
KernelWin.WriteLine("正在处理COM数据 {0}", typeof(ComRegData).Name);
UInt32 address = (UInt32)entity.Address + ImageBase;
VBStruct.Make <ComRegData>(entity, address, true);
if (entity.RegInfo2 == null || entity.RegInfo2.Length <= 0)
{
return;
}
foreach (ComRegInfo item in entity.RegInfo2)
{
KernelWin.WriteLine("COM组件 {0}", item.Name);
Int32 addr = (Int32)(item.Address + ImageBase);
VBStruct.Make <ComRegInfo>(item, address, true);
Bytes.MakeNameAnyway((UInt32)addr, "Com_" + item.Name);
}
}
void ReadProjectInfo2(ProjectInfo2 entity)
{
if (entity == null)
{
return;
}
KernelWin.WriteLine("正在处理 {0}", typeof(ProjectInfo2).Name);
UInt32 address = (UInt32)entity.Address + ImageBase;
VBStruct.Make <ProjectInfo2>(entity, address, true);
}
void ReadProcName(PublicObjectDescriptor entity)
{
if (entity == null || entity.ProcNames == null || entity.ProcNames.Length <= 0)
{
return;
}
foreach (ProcName item in entity.ProcNames)
{
UInt32 addr = (UInt32)(item.Address + ImageBase);
VBStruct.Make <ProcName>(item, addr, true);
Bytes.MakeNameAnyway(addr, String.Format("{0}_{1}", entity.Name, item.FriendName));
}
}
void ReadObjectTable(ObjectTable entity)
{
if (entity == null)
{
return;
}
KernelWin.WriteLine("正在处理 {0}", typeof(ObjectTable).Name);
UInt32 address = (UInt32)entity.Address + ImageBase;
VBStruct.Make <ObjectTable>(entity, address, true);
ReadProjectInfo2(entity.ProjectInfo22);
ReadPublicObjectDescriptor(entity);
}
void ReadObjectInfo(ObjectInfo entity, PublicObjectDescriptor parent)
{
if (entity == null)
{
return;
}
UInt32 address = (UInt32)entity.Address + ImageBase;
VBStruct.Make <ObjectInfo>(entity, address, true);
Bytes.MakeNameAnyway((UInt32)address, "Inf_" + parent.Name);
if (entity.PrivateObject2 != null)
{
address = (UInt32)entity.PrivateObject2.Address + ImageBase;
VBStruct.Make <PrivateObjectDescriptor>(entity.PrivateObject2, address, true);
Bytes.MakeNameAnyway((UInt32)address, "FormList_" + parent.Name);
}
}
void ReadProjectInfo(ProjectInfo entity)
{
if (entity == null)
{
return;
}
KernelWin.WriteLine("正在处理工程信息 {0}", typeof(ProjectInfo).Name);
UInt32 address = (UInt32)entity.Address + ImageBase;
VBStruct.Make <ProjectInfo>(entity, address, true);
Bytes.MakeLabelAnyway((UInt32)entity.StartOfCode, "StartOfCode");
Bytes.MakeLabelAnyway((UInt32)entity.EndOfCode, "EndOfCode");
Bytes.MakeLabelAnyway((UInt32)entity.VBAExceptionHandler, "VBAExceptionHandler");
Bytes.MakeLabelAnyway((UInt32)entity.NativeCode, "NativeCode");
ReadExternalTable(entity);
ReadObjectTable(entity.ObjectTable2);
}
void ReadExternalComponentTable(VBHeader header)
{
if (header == null || header.ExternalComponentTables == null || header.ExternalComponentTables.Length <= 0)
{
return;
}
KernelWin.WriteLine("正在处理外部组件 {0}", typeof(ExternalComponentTable).Name);
UInt32 address = (UInt32)header.ExternalComponentTable;
foreach (ExternalComponentTable item in header.ExternalComponentTables)
{
KernelWin.WriteLine("外部组件 {0}", item.Name2);
UInt32 addr = (UInt32)(item.Address + ImageBase);
VBStruct.Make <ExternalComponentTable>(item, addr, true);
Bytes.MakeNameAnyway(addr, "Ext_" + item.Name2);
}
}
void ReadHeader(BinaryReader reader)
{
KernelWin.WriteLine("正在处理头部 {0}", typeof(VBHeader).Name);
//Seek(reader, Header - ImageBase);
VBHeader header = HeaderInfo;
//header.Info = this;
//header.Read(reader);
//HeaderInfo = header;
UInt32 address = Header;
//if (!VBStruct.Make<VBHeader>(header)) throw new Exception("创建结构体失败!");
VBStruct.Make <VBHeader>(header, address, true);
ReadProjectInfo(header.ProjectInfo2);
ReadComRegData(header.ComRegisterData2);
ReadGUITable(header);
ReadExternalComponentTable(header);
}
void ReadOptionalObjectInfo(OptionalObjectInfo entity, PublicObjectDescriptor parent)
{
if (entity == null)
{
return;
}
UInt32 address = (UInt32)entity.Address + ImageBase;
VBStruct.Make <OptionalObjectInfo>(entity, address, true);
Bytes.MakeNameAnyway((UInt32)address, "OptInf_" + parent.Name);
if (entity.Controls != null && entity.Controls.Length > 0)
{
//address = (UInt32)entity.Address + ImageBase;
if (entity.Controls.Length == 1)
{
address = (UInt32)entity.Controls[0].Address + ImageBase;
VBStruct.Make <VBControl>(entity.Controls[0], address, true);
Bytes.MakeNameAnyway((UInt32)address, "Control_" + parent.Name);
}
else
{
foreach (VBControl item in entity.Controls)
{
address = (UInt32)item.Address + ImageBase;
VBStruct.Make <VBControl>(item, address, true);
Bytes.MakeNameAnyway((UInt32)address, "Control_" + parent.Name + "_" + item.Name2);
}
}
}
if (entity.EventLinks != null && entity.EventLinks.Length > 0)
{
Int32 i = 1;
foreach (EventLink2 item in entity.EventLinks)
{
address = (UInt32)item.Address + ImageBase;
VBStruct.Make <EventLink2>(item, address, true);
// 事件列表命名
String name = String.Empty;
if (parent.ProcNames != null && parent.ProcNames.Length > i - 1)
{
name = parent.Name + "_" + parent.ProcNames[i - 1].FriendName;
}
if (String.IsNullOrEmpty(name))
{
name = parent.Name + "_" + i.ToString("X2");
}
i++;
Bytes.MakeNameAnyway((UInt32)address, "Event_" + name);
// 跳转命名
address = (UInt32)item.Jump;
Bytes.MakeNameAnyway(address, "j" + name);
Bytes.MakeCode(address);
// 函数命名
if (Bytes.Byte(address) == 0xE9)
{
// Jump语句,下一个字就是函数起始地址
address = Bytes.Dword(address + 1) + address + 5;
Function func = Function.FindByAddress(address);
if (func == null)
{
// 如果函数不存在,则创建函数
Function.Add(address, Bytes.BadAddress);
func = Function.FindByAddress(address);
}
else
{
// 函数存在,但是函数的起始地址并不是当前行,表明这个函数分析有错,修改地址
if (func.Start != address)
{
//Function.Delete(func.Start);
//Function.Add(func.Start, address - 1);
func.End = address - 1;
Function.Add(address, Bytes.BadAddress);
func = Function.FindByAddress(address);
}
}
if (func == null)
{
KernelWin.WriteLine("0x{0:X} 创建函数失败!", address);
}
else
{
Bytes.MakeLabelAnyway(address, name);
}
}
}
}
}
