Пример #1
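        /// <summary>
        /// Creates a <c>GUITable</c> structure and a synthetic name for every GUI table entry
        /// of <paramref name="header"/>.
        /// </summary>
        /// <param name="header">Parsed VB header. Nothing is done when it is null or has no GUI table entries.</param>
        void ReadGUITable(VBHeader header)
        {
            if (header == null || header.GUITables == null || header.GUITables.Length <= 0)
            {
                return;
            }

            KernelWin.WriteLine("正在处理界面 {0}", typeof(GUITable).Name);

            for (int i = 0; i < header.GUITables.Length; i++)
            {
                GUITable item = header.GUITables[i];

                // The entry has no name of its own here, so one is built from its index (two hex digits).
                String name = "GUITable_" + i.ToString("X2");

                KernelWin.WriteLine("界面 {0}", name);

                // Each entry has its own address. The structure is created at that address, the same
                // one that receives the name. Before this fix every entry's structure was created at
                // the table address (header.GUITable) while the name went to the per-entry address,
                // unlike ReadExternalComponentTable, which uses the per-entry address for both.
                UInt32 addr = (UInt32)(item.Address + ImageBase);
                VBStruct.Make<GUITable>(item, addr, true);
                Bytes.MakeNameAnyway(addr, name);
            }
        }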
Пример #2
        /// <summary>
        /// Click handler of the "Open" menu item: lets the user pick a file, parses it as a VB
        /// executable and shows the result through <c>LoadVBInfo</c>.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        private void 打开ToolStripMenuItem_Click(object sender, EventArgs e)
        {
            DialogResult choice = openFileDialog1.ShowDialog();
            if (choice != DialogResult.OK)
            {
                return;
            }

            // The whole file is read into memory and parsed from a MemoryStream, so no file handle
            // stays open. The reader is stored in info.Reader below and is therefore not disposed here.
            Byte[] fileBytes = File.ReadAllBytes(openFileDialog1.FileName);
            MemoryStream image = new MemoryStream(fileBytes);
            BinaryReader reader = new BinaryReader(image);

            VBInfo info = VBInfo.Current;
            info.Reader = reader;

            // NOTE(review): the selected file is untrusted input and nothing here catches parse
            // failures, so whatever ReadInfo/Read throw on a malformed file leaves this handler.
            info.ReadInfo(reader);

            // Header is an address inside the loaded image; subtracting ImageBase turns it into
            // the stream position the header is read from.
            image.Seek(info.Header - info.ImageBase, SeekOrigin.Begin);

            VBHeader vbHeader = new VBHeader();
            vbHeader.Info = info;
            vbHeader.Read(reader);
            info.HeaderInfo = vbHeader;

            LoadVBInfo(info);
        }
Пример #3
        /// <summary>
        /// Creates an <c>ExternalComponentTable</c> structure and an "Ext_"-prefixed name for every
        /// external component entry of <paramref name="header"/>.
        /// </summary>
        /// <param name="header">Parsed VB header. Nothing is done when it is null or has no external component entries.</param>
        void ReadExternalComponentTable(VBHeader header)
        {
            bool hasEntries = header != null
                              && header.ExternalComponentTables != null
                              && header.ExternalComponentTables.Length > 0;
            if (!hasEntries)
            {
                return;
            }

            KernelWin.WriteLine("正在处理外部组件 {0}", typeof(ExternalComponentTable).Name);

            // The table address is read as in the original, but nothing below uses it.
            UInt32 tableAddress = (UInt32)header.ExternalComponentTable;

            foreach (ExternalComponentTable entry in header.ExternalComponentTables)
            {
                KernelWin.WriteLine("外部组件 {0}", entry.Name2);

                // Structure and name are both placed at the entry's own address.
                UInt32 entryAddress = (UInt32)(entry.Address + ImageBase);

                VBStruct.Make<ExternalComponentTable>(entry, entryAddress, true);

                // NOTE(review): Name2 comes from the analysed file; whether MakeNameAnyway
                // sanitises it is not visible here.
                Bytes.MakeNameAnyway(entryAddress, "Ext_" + entry.Name2);
            }
        }
Пример #4
        /// <summary>
        /// Creates the <c>VBHeader</c> structure at the header address and then processes the
        /// project info, the COM registration data, the GUI tables and the external component tables.
        /// </summary>
        /// <param name="reader">Not used by this method; the already parsed <c>HeaderInfo</c> is processed instead.</param>
        void ReadHeader(BinaryReader reader)
        {
            KernelWin.WriteLine("正在处理头部 {0}", typeof(VBHeader).Name);

            // The header is not parsed again here: HeaderInfo and Header are taken as they are.
            VBHeader parsed = HeaderInfo;
            UInt32 headerAddress = Header;

            // The result of Make is not checked.
            VBStruct.Make<VBHeader>(parsed, headerAddress, true);

            // NOTE(review): parsed is dereferenced without a null check, although ReadGUITable and
            // ReadExternalComponentTable both tolerate a null header.
            ReadProjectInfo(parsed.ProjectInfo2);
            ReadComRegData(parsed.ComRegisterData2);
            ReadGUITable(parsed);
            ReadExternalComponentTable(parsed);
        }
Пример #5
        /// <summary>
        /// Manual smoke test: parses a fixed sample executable and prints its VB header
        /// through <c>Show</c>.
        /// </summary>
        public static void Test()
        {
            // Hard-coded sample path; the file is loaded fully into memory before parsing.
            Byte[] fileBytes = File.ReadAllBytes(@"D:\CrackMe.exe");
            MemoryStream image = new MemoryStream(fileBytes);
            BinaryReader reader = new BinaryReader(image);

            // ReadInfo runs twice on the same reader, exactly as in the original.
            VBInfo.Current.ReadInfo(reader);

            VBInfo current = VBInfo.Current;
            current.ReadInfo(reader);

            // Header minus ImageBase is the stream position the header is read from.
            image.Seek(current.Header - current.ImageBase, SeekOrigin.Begin);

            VBHeader vbHeader = new VBHeader();
            vbHeader.Info = current;
            vbHeader.Read(reader);
            vbHeader.Show(true);
        }
Пример #6
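        /// <summary>
        /// Reads the basic information of a VB executable: PE header offset, image base, entry
        /// address, the VB header address and its signature. It then parses the VB header into
        /// <c>HeaderInfo</c>.
        /// </summary>
        /// <param name="reader">Reader over the raw file bytes. The content is untrusted: the entry
        /// stub opcode and the header offset are validated before the header is read.</param>
        /// <exception cref="Exception">The entry stub, the header offset, the signature or the
        /// version field does not match a VB6 program.</exception>
        public void ReadInfo(BinaryReader reader)
        {
            DosHeader dosHeader = new DosHeader();

            dosHeader.Read(reader);

            PEoffset  = dosHeader.NewExeHeader;
            ImageBase = (UInt32)dosHeader.OptionalHeader.ImageBase;

            ExportDirectory export  = dosHeader.OptionalHeader.Export;
            Int32           address = 0;

            // With an export directory, the first entry of its function table is used as the entry
            // address; otherwise the PE entry point is used.
            if (export != null)
            {
                Seek(reader, export.AddressOfFunctions);
                address = reader.ReadInt32();
            }
            else
            {
                address = dosHeader.OptionalHeader.AddressOfEntryPoint;
            }
            PEEntry = (UInt32)address + ImageBase;

            Seek(reader, PEEntry - ImageBase);
            long temp = reader.ReadByte();

            // The dword that follows the first instruction(s) is taken as the VB header address.
            if (temp == 0x68)
            {
                // 0x68 is x86 "push imm32": the operand starts one byte into the stub.
                temp = PEEntry + 1 - ImageBase;
            }
            else if (temp == 0x58)
            {
                // 0x58 is x86 "pop eax"; two bytes are skipped, presumably the pop plus a
                // following push opcode (TODO confirm).
                temp = PEEntry + 2 - ImageBase;
            }
            else
            {
                // Any other first byte used to fall through, and the byte's own value was then used
                // as a file offset. Such a file is rejected here instead.
                // Message: "Not a VB file format!"
                throw new Exception("非VB文件格式!");
            }
            Seek(reader, temp);

            Header = reader.ReadUInt32();

            // Header comes straight from the file. The arithmetic is done in 64 bits so that a
            // value below ImageBase shows up as a negative offset, and the bound covers every
            // field read below: the signature at +0 and the 2-byte version field at +0x22.
            // The old check (offset > length) let an offset equal to the stream length through.
            long headerOffset = (long)Header - (long)ImageBase;
            if (headerOffset < 0 || headerOffset + 0x24 > reader.BaseStream.Length)
            {
                // Message: "Not a VB file format!"
                throw new Exception("非VB文件格式!");
            }

            Seek(reader, headerOffset);
            VBSig = reader.ReadUInt32();

            if (VBSig != 0x21354256)    // the bytes "VB5!" read as a little-endian dword
            {
                // Message: "Wrong VB signature"
                throw new Exception(String.Format("错误VB签名:0x{0:X}", VBSig));
            }

            Seek(reader, headerOffset + 0x22);
            temp = reader.ReadInt16();
            if (temp < 0x0a)
            {
                // Message: "Not a VB6 program!"
                throw new Exception("不是VB6程序!");
            }

            // Rewind to the start of the header and parse it completely.
            Seek(reader, headerOffset);
            VBHeader header = new VBHeader();

            header.Info = this;
            header.Read(reader);

            HeaderInfo = header;
        }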
Пример #7
        /// <summary>
        /// Rebuilds <c>treeView1</c> from the parsed VB structures in <paramref name="info"/>.
        /// Every node's <c>Tag</c> holds the structure the node stands for.
        /// </summary>
        /// <param name="info">Parsed VB information; its <c>HeaderInfo</c> supplies all displayed data.</param>
        public void LoadVBInfo(VBInfo info)
        {
            treeView1.Nodes.Clear();

            TreeNodeCollection top = treeView1.Nodes;
            VBHeader vbheader = info.HeaderInfo;

            TreeNode headerNode = top.Add(typeof(VBHeader).Name);
            headerNode.Tag = vbheader;

            TreeNode projectNode = top.Add(typeof(ProjectInfo).Name);
            projectNode.Tag = vbheader.ProjectInfo2;

            // NOTE(review): ProjectInfo2 is dereferenced without a null check, unlike the other
            // optional members below. Node labels further down come from the analysed file.
            if (vbheader.ProjectInfo2.ObjectTable2 != null)
            {
                TreeNode tableNode = top.Add(typeof(ObjectTable).Name);
                ObjectTable table = vbheader.ProjectInfo2.ObjectTable2;
                tableNode.Tag = table;

                if (table.ProjectInfo22 != null)
                {
                    TreeNode secondProjectNode = top.Add(typeof(ProjectInfo2).Name);
                    secondProjectNode.Tag = table.ProjectInfo22;
                }

                if (table.Objects != null && table.Objects.Length > 0)
                {
                    // One child per object under a common group node.
                    TreeNode objectsGroup = top.Add("对象");
                    TreeNodeCollection objectNodes = objectsGroup.Nodes;

                    foreach (PublicObjectDescriptor item in table.Objects)
                    {
                        TreeNode objectNode = objectNodes.Add(item.Name);
                        objectNode.Tag = item;

                        if (item.ObjectInfo2 != null)
                        {
                            TreeNode infoNode = objectNode.Nodes.Add(typeof(ObjectInfo).Name);
                            infoNode.Tag = item.ObjectInfo2;
                        }

                        // Events and controls exist only when the optional info is present.
                        if (item.OptionalObjectInfo == null)
                        {
                            continue;
                        }

                        TreeNode optionalNode = objectNode.Nodes.Add(typeof(OptionalObjectInfo).Name);
                        optionalNode.Tag = item.OptionalObjectInfo;

                        if (item.OptionalObjectInfo.EventLinks != null && item.OptionalObjectInfo.EventLinks.Length > 0)
                        {
                            TreeNode eventsGroup = objectNode.Nodes.Add("事件");

                            Int32 index = 0;
                            foreach (EventLink2 link in item.OptionalObjectInfo.EventLinks)
                            {
                                // Prefer the procedure's friendly name at the same position; fall
                                // back to the 1-based position as two hex digits.
                                String caption = String.Empty;
                                if (item.ProcNames != null && item.ProcNames.Length > index)
                                {
                                    caption = item.Name + "_" + item.ProcNames[index].FriendName;
                                }
                                if (String.IsNullOrEmpty(caption))
                                {
                                    caption = item.Name + "_" + (index + 1).ToString("X2");
                                }
                                index++;

                                TreeNode linkNode = eventsGroup.Nodes.Add(caption);
                                linkNode.Tag = link;
                            }
                        }

                        if (item.OptionalObjectInfo.Controls != null && item.OptionalObjectInfo.Controls.Length > 0)
                        {
                            TreeNode controlsGroup = objectNode.Nodes.Add("控件");

                            foreach (VBControl control in item.OptionalObjectInfo.Controls)
                            {
                                TreeNode controlNode = controlsGroup.Nodes.Add(control.Name2);
                                controlNode.Tag = control;
                            }
                        }
                    }
                }
            }

            if (vbheader.ComRegisterData2 != null)
            {
                TreeNode comNode = top.Add(typeof(ComRegData).Name);
                ComRegData regData = vbheader.ComRegisterData2;
                comNode.Tag = regData;

                if (regData.RegInfo2 != null && regData.RegInfo2.Length > 0)
                {
                    TreeNode regGroup = top.Add("COM注册");
                    TreeNodeCollection regNodes = regGroup.Nodes;

                    foreach (ComRegInfo item in regData.RegInfo2)
                    {
                        TreeNode regNode = regNodes.Add(item.Name);
                        regNode.Tag = item;
                    }
                }
            }

            if (vbheader.ExternalComponentTables != null && vbheader.ExternalComponentTables.Length > 0)
            {
                TreeNode componentsGroup = top.Add("引用组件");
                TreeNodeCollection componentNodes = componentsGroup.Nodes;

                foreach (ExternalComponentTable item in vbheader.ExternalComponentTables)
                {
                    TreeNode componentNode = componentNodes.Add(item.Name2);
                    componentNode.Tag = item;
                }
            }

            if (vbheader.GUITables != null && vbheader.GUITables.Length > 0)
            {
                TreeNode formsGroup = top.Add("窗体");
                TreeNodeCollection formNodes = formsGroup.Nodes;

                // Every form node carries the same label (the type name); only the Tag differs.
                foreach (GUITable item in vbheader.GUITables)
                {
                    TreeNode formNode = formNodes.Add(typeof(GUITable).Name);
                    formNode.Tag = item;
                }
            }
        }