private void 打开ToolStripMenuItem_Click(object sender, EventArgs e)
{
if (openFileDialog1.ShowDialog() != DialogResult.OK)
{
return;
}
//BinaryReader reader = new BinaryReader(File.Open(openFileDialog1.FileName, FileMode.Open, FileAccess.Read));
Byte[] buffer = File.ReadAllBytes(openFileDialog1.FileName);
BinaryReader reader = new BinaryReader(new MemoryStream(buffer));
VBInfo info = VBInfo.Current;
info.Reader = reader;
info.ReadInfo(reader);
reader.BaseStream.Seek(info.Header - info.ImageBase, SeekOrigin.Begin);
VBHeader header = new VBHeader();
header.Info = info;
header.Read(reader);
info.HeaderInfo = header;
LoadVBInfo(info);
}
public bool Init()
{
try
{
//KernelWin.WriteLine("文件 {0}", FileName);
//FileReader.BaseStream.Seek(0x3c, SeekOrigin.Begin);
//Int32 n = FileReader.ReadInt32();
//FileReader.BaseStream.Seek(n + 0x34, SeekOrigin.Begin);
//n = FileReader.ReadInt32();
//KernelWin.WriteLine("镜像基址 0x{0:x}", n);
//Int32 PEentry = IDCFunction.EvalAndReturnLong("GetEntryPoint(GetEntryOrdinal(0))");
VBInfo info = VBInfo.Current;
info.Reader = FileReader;
info.ReadInfo(FileReader);
KernelWin.WriteLine("镜像基址:0x{0:X}", info.ImageBase);
KernelWin.WriteLine(" 入口:0x{0:X}", info.PEEntry);
KernelWin.WriteLine(" VB头:0x{0:X}", info.Header);
KernelWin.WriteLine(" VB签名:0x{0:X}", info.VBSig);
//info.ReadImportTable(FileReader);
//info.ReadBody(FileReader);
}
catch (Exception ex)
{
//KernelWin.Msg(ex.Message + Environment.NewLine);
KernelWin.WriteLine(ex.ToString());
return(false);
}
return(true);
}
public static void Test()
{
String filename = @"D:\CrackMe.exe";
Byte[] buffer = File.ReadAllBytes(filename);
BinaryReader reader = new BinaryReader(new MemoryStream(buffer));
VBInfo.Current.ReadInfo(reader);
//DosHeader dosHeader = new DosHeader();
//dosHeader.Read(reader);
//dosHeader.Show(true);
//Console.WriteLine();
//FileHeader fileHeader = new FileHeader();
//fileHeader.Read(reader);
//fileHeader.Show(false);
//Console.WriteLine();
//OptionalHeader optionalHeader = new OptionalHeader();
//optionalHeader.Read(reader);
//optionalHeader.Show(false);
//Console.WriteLine();
VBInfo info = VBInfo.Current;
//info.ImageBase = 0x11000000;
//info.Header = 0x110079A4;
//info.ImageBase = 0x400000;
//info.Header = 0x441944;
info.ReadInfo(reader);
reader.BaseStream.Seek(info.Header - info.ImageBase, SeekOrigin.Begin);
VBHeader header = new VBHeader();
header.Info = info;
header.Read(reader);
//header.ReadExtend();
header.Show(true);
//ComRegData regdata = header.ComRegisterData2;
//regdata.ReadExtend();
//Console.WriteLine();
//Console.WriteLine("ComRegData:");
//regdata.Show();
//ComRegInfo reginfo = regdata.RegInfo2;
//while (reginfo != null)
//{
// reginfo.ReadExtend();
// Console.WriteLine();
// Console.WriteLine("ComRegInfo:");
// reginfo.Show();
// reginfo = reginfo.Next;
//}
//ProjectInfo pinfo = header.ProjectInfo2;
////pinfo.ReadExtend();
//Console.WriteLine();
//Console.WriteLine("ProjectInfo:");
//pinfo.Show();
}
public void LoadVBInfo(VBInfo info)
{
treeView1.Nodes.Clear();
TreeNodeCollection rootNodes = treeView1.Nodes;
TreeNodeCollection nodes = rootNodes;
TreeNode node = null;
VBHeader vbheader = info.HeaderInfo;
node = rootNodes.Add(typeof(VBHeader).Name);
node.Tag = vbheader;
node = rootNodes.Add(typeof(ProjectInfo).Name);
node.Tag = vbheader.ProjectInfo2;
if (vbheader.ProjectInfo2.ObjectTable2 != null)
{
node = rootNodes.Add(typeof(ObjectTable).Name);
ObjectTable entity = vbheader.ProjectInfo2.ObjectTable2;
node.Tag = entity;
if (entity.ProjectInfo22 != null)
{
node = rootNodes.Add(typeof(ProjectInfo2).Name);
node.Tag = entity.ProjectInfo22;
}
if (entity.Objects != null && entity.Objects.Length > 0)
{
node = rootNodes.Add("对象");
nodes = node.Nodes;
foreach (PublicObjectDescriptor item in entity.Objects)
{
node = nodes.Add(item.Name);
node.Tag = item;
TreeNode node2 = null;
if (item.ObjectInfo2 != null)
{
node2 = node.Nodes.Add(typeof(ObjectInfo).Name);
node2.Tag = item.ObjectInfo2;
}
if (item.OptionalObjectInfo != null)
{
node2 = node.Nodes.Add(typeof(OptionalObjectInfo).Name);
node2.Tag = item.OptionalObjectInfo;
TreeNode node3 = null;
if (item.OptionalObjectInfo.EventLinks != null && item.OptionalObjectInfo.EventLinks.Length > 0)
{
node2 = node.Nodes.Add("事件");
Int32 i = 1;
foreach (EventLink2 elm in item.OptionalObjectInfo.EventLinks)
{
String name = String.Empty;
if (item.ProcNames != null && item.ProcNames.Length > i - 1)
{
name = item.Name + "_" + item.ProcNames[i - 1].FriendName;
}
if (String.IsNullOrEmpty(name))
{
name = item.Name + "_" + i.ToString("X2");
}
i++;
node3 = node2.Nodes.Add(name);
node3.Tag = elm;
}
}
if (item.OptionalObjectInfo.Controls != null && item.OptionalObjectInfo.Controls.Length > 0)
{
node2 = node.Nodes.Add("控件");
foreach (VBControl elm in item.OptionalObjectInfo.Controls)
{
node3 = node2.Nodes.Add(elm.Name2);
node3.Tag = elm;
}
}
}
//if (item.ProcNames != null && item.ProcNames.Length > 0)
//{
// foreach (ProcName elm in item.ProcNames)
// {
// node2 = node.Nodes.Add(elm.Name);
// node2.Tag = elm;
// }
//}
}
}
}
if (vbheader.ComRegisterData2 != null)
{
node = rootNodes.Add(typeof(ComRegData).Name);
ComRegData entity = vbheader.ComRegisterData2;
node.Tag = entity;
if (entity.RegInfo2 != null && entity.RegInfo2.Length > 0)
{
node = rootNodes.Add("COM注册");
nodes = node.Nodes;
foreach (ComRegInfo item in entity.RegInfo2)
{
node = nodes.Add(item.Name);
node.Tag = item;
}
}
}
if (vbheader.ExternalComponentTables != null && vbheader.ExternalComponentTables.Length > 0)
{
node = rootNodes.Add("引用组件");
nodes = node.Nodes;
foreach (ExternalComponentTable item in vbheader.ExternalComponentTables)
{
node = nodes.Add(item.Name2);
node.Tag = item;
}
}
if (vbheader.GUITables != null && vbheader.GUITables.Length > 0)
{
node = rootNodes.Add("窗体");
nodes = node.Nodes;
foreach (GUITable item in vbheader.GUITables)
{
node = nodes.Add(typeof(GUITable).Name);
node.Tag = item;
}
}
}