private void 打开ToolStripMenuItem_Click(object sender, EventArgs e)
{
if (openFileDialog1.ShowDialog() != DialogResult.OK)
{
return;
}
//BinaryReader reader = new BinaryReader(File.Open(openFileDialog1.FileName, FileMode.Open, FileAccess.Read));
Byte[] buffer = File.ReadAllBytes(openFileDialog1.FileName);
BinaryReader reader = new BinaryReader(new MemoryStream(buffer));
VBInfo info = VBInfo.Current;
info.Reader = reader;
info.ReadInfo(reader);
reader.BaseStream.Seek(info.Header - info.ImageBase, SeekOrigin.Begin);
VBHeader header = new VBHeader();
header.Info = info;
header.Read(reader);
info.HeaderInfo = header;
LoadVBInfo(info);
}
public static void Test()
{
String filename = @"D:\CrackMe.exe";
Byte[] buffer = File.ReadAllBytes(filename);
BinaryReader reader = new BinaryReader(new MemoryStream(buffer));
VBInfo.Current.ReadInfo(reader);
//DosHeader dosHeader = new DosHeader();
//dosHeader.Read(reader);
//dosHeader.Show(true);
//Console.WriteLine();
//FileHeader fileHeader = new FileHeader();
//fileHeader.Read(reader);
//fileHeader.Show(false);
//Console.WriteLine();
//OptionalHeader optionalHeader = new OptionalHeader();
//optionalHeader.Read(reader);
//optionalHeader.Show(false);
//Console.WriteLine();
VBInfo info = VBInfo.Current;
//info.ImageBase = 0x11000000;
//info.Header = 0x110079A4;
//info.ImageBase = 0x400000;
//info.Header = 0x441944;
info.ReadInfo(reader);
reader.BaseStream.Seek(info.Header - info.ImageBase, SeekOrigin.Begin);
VBHeader header = new VBHeader();
header.Info = info;
header.Read(reader);
//header.ReadExtend();
header.Show(true);
//ComRegData regdata = header.ComRegisterData2;
//regdata.ReadExtend();
//Console.WriteLine();
//Console.WriteLine("ComRegData:");
//regdata.Show();
//ComRegInfo reginfo = regdata.RegInfo2;
//while (reginfo != null)
//{
// reginfo.ReadExtend();
// Console.WriteLine();
// Console.WriteLine("ComRegInfo:");
// reginfo.Show();
// reginfo = reginfo.Next;
//}
//ProjectInfo pinfo = header.ProjectInfo2;
////pinfo.ReadExtend();
//Console.WriteLine();
//Console.WriteLine("ProjectInfo:");
//pinfo.Show();
}
/// <summary>
/// 读取基本信息
/// </summary>
public void ReadInfo(BinaryReader reader)
{
//Seek(reader, 0x3c);
//PEoffset = reader.ReadInt32();
//Seek(reader, PEoffset + 0x34);
//ImageBase = reader.ReadUInt32();
//Seek(reader, PEoffset + 0x28);
//PEEntry = reader.ReadUInt32() + ImageBase;
//KernelWin.WriteLine("PEEntry:0x{0:X}", PEEntry);
//PEEntry = Entry.GetEntryPoint(Entry.GetEntryOrdinal(0));
//KernelWin.WriteLine("EntryOrdinal:0x{0:X}", Entry.GetEntryOrdinal(0));
//KernelWin.WriteLine("PEEntry:0x{0:X}", PEEntry);
DosHeader dosHeader = new DosHeader();
dosHeader.Read(reader);
PEoffset = dosHeader.NewExeHeader;
ImageBase = (UInt32)dosHeader.OptionalHeader.ImageBase;
ExportDirectory export = dosHeader.OptionalHeader.Export;
Int32 address = 0;
if (export != null)
{
Seek(reader, export.AddressOfFunctions);
address = reader.ReadInt32();
}
else
{
address = dosHeader.OptionalHeader.AddressOfEntryPoint;
}
PEEntry = (UInt32)address + ImageBase;
Seek(reader, PEEntry - ImageBase);
long temp = reader.ReadByte();
if (temp == 0x68)
{
temp = PEEntry + 1 - ImageBase;
}
else if (temp == 0x58)
{
temp = PEEntry + 2 - ImageBase;
}
Seek(reader, temp);
Header = reader.ReadUInt32();
//VBSig = IDCFunction.EvalAndReturnLong("Dword(" + VBHeader + ")");
//VBSig = Bytes.Dword(Header);
if (Header - ImageBase > reader.BaseStream.Length)
{
throw new Exception("非VB文件格式!");
}
Seek(reader, Header - ImageBase);
VBSig = reader.ReadUInt32();
if (VBSig != 0x21354256) //VB5
{
throw new Exception(String.Format("错误VB签名:0x{0:X}", VBSig));
}
//temp = IDCFunction.EvalAndReturnLong("Word(" + VBHeader + "+0x22)");
//temp = Bytes.Word((UInt32)Header + 0x22);
Seek(reader, Header + 0x22 - ImageBase);
temp = reader.ReadInt16();
if (temp < 0x0a)
{
throw new Exception("不是VB6程序!");
}
Seek(reader, Header - ImageBase);
VBHeader header = new VBHeader();
header.Info = this;
header.Read(reader);
HeaderInfo = header;
}