/// <summary>
/// Rebuilds <c>Imports</c> by walking backwards from the entry point in 6-byte steps
/// and recording every <c>FF 25</c> (indirect <c>jmp</c>) stub together with the name
/// attached to the slot that the stub jumps through.
/// </summary>
/// <param name="reader">Reader over the file being analysed; repositioned through <c>Seek</c>.</param>
public void ReadImportTable(BinaryReader reader)
{
    // Two consecutive DWORDs are read at PEoffset + 0xD8.
    // NOTE(review): presumably the RVA and size of a data-directory entry; confirm against the PE layout.
    Seek(reader, PEoffset + 0xD8);
    UInt32 firstField = reader.ReadUInt32();
    UInt32 secondField = reader.ReadUInt32();

    // NOTE(review): both fields come straight from the file under analysis and are summed in
    // 32-bit arithmetic with no range check. Unless the project is built with overflow checking,
    // a malformed header can wrap this bound and change how far the scan below runs.
    UInt32 lowerBound = firstField + secondField - 1 + ImageBase;

    Imports = new Dictionary<uint, string>();

    // The "stubAddress <= PEEntry" term stops the scan if the unsigned subtraction wraps around.
    UInt32 stubAddress = PEEntry - 6;
    while (stubAddress <= PEEntry && stubAddress > lowerBound)
    {
        bool isIndirectJump = Bytes.Byte(stubAddress) == 0xFF
                              && Bytes.Byte(stubAddress + 1) == 0x25;
        if (isIndirectJump)
        {
            // The DWORD operand of the jmp is the slot address; its name becomes the import name.
            // Only the dictionary entry and a log line are produced here: the MakeCode/MakeLabel
            // calls that once sat in this branch were already commented out in the original.
            string importName = Bytes.GetTrueName(Bytes.Dword(stubAddress + 2));
            Imports.Add(stubAddress, importName);
            KernelWin.WriteLine("MakeLabel 0x{0:X} {1}", stubAddress, importName);
        }

        stubAddress -= 6;
    }
}
/// <summary>
/// Applies the <c>OptionalObjectInfo</c> structure, its controls and its event links to the
/// database: each item is laid out with <c>VBStruct.Make</c> and named after <paramref name="parent"/>,
/// and for every event link whose jump stub starts with <c>E9</c> the jump target is made a
/// function (created or re-split as needed) and labelled with the event name.
/// </summary>
/// <param name="entity">Parsed structure to apply; nothing is done when it is null.</param>
/// <param name="parent">Owning object descriptor; supplies <c>Name</c> and <c>ProcNames</c> for naming.</param>
void ReadOptionalObjectInfo(OptionalObjectInfo entity, PublicObjectDescriptor parent)
{
    if (entity == null)
    {
        return;
    }

    // NOTE(review): parent is dereferenced below without a null check; confirm callers never pass null.
    UInt32 infoAddress = (UInt32)entity.Address + ImageBase;
    VBStruct.Make<OptionalObjectInfo>(entity, infoAddress, true);
    Bytes.MakeNameAnyway(infoAddress, "OptInf_" + parent.Name);

    var controls = entity.Controls;
    if (controls != null && controls.Length > 0)
    {
        // A lone control gets the short name; with several, Name2 is appended to tell them apart.
        bool isOnlyControl = controls.Length == 1;
        foreach (VBControl control in controls)
        {
            UInt32 controlAddress = (UInt32)control.Address + ImageBase;
            VBStruct.Make<VBControl>(control, controlAddress, true);

            string controlLabel = "Control_" + parent.Name;
            if (!isOnlyControl)
            {
                controlLabel = controlLabel + "_" + control.Name2;
            }
            Bytes.MakeNameAnyway(controlAddress, controlLabel);
        }
    }

    var eventLinks = entity.EventLinks;
    if (eventLinks == null || eventLinks.Length == 0)
    {
        return;
    }

    for (int index = 0; index < eventLinks.Length; index++)
    {
        EventLink2 link = eventLinks[index];

        UInt32 linkAddress = (UInt32)link.Address + ImageBase;
        VBStruct.Make<EventLink2>(link, linkAddress, true);

        // Name of the event-list entry: the friendly procedure name when one exists for this
        // position, otherwise the 1-based position as two hex digits.
        string eventName;
        if (parent.ProcNames != null && index < parent.ProcNames.Length)
        {
            eventName = parent.Name + "_" + parent.ProcNames[index].FriendName;
        }
        else
        {
            eventName = parent.Name + "_" + (index + 1).ToString("X2");
        }
        Bytes.MakeNameAnyway(linkAddress, "Event_" + eventName);

        // Name the jump stub and turn it into code.
        UInt32 stubAddress = (UInt32)link.Jump;
        Bytes.MakeNameAnyway(stubAddress, "j" + eventName);
        Bytes.MakeCode(stubAddress);

        // Name the function behind the stub, but only when the stub is an E9 (jmp rel32).
        if (Bytes.Byte(stubAddress) != 0xE9)
        {
            continue;
        }

        // jmp rel32: the DWORD after the opcode is relative to the end of the 5-byte instruction.
        // NOTE(review): the displacement is read from the analysed binary and the sum is taken in
        // 32-bit arithmetic with no validation of the result before it is handed to Function.Add.
        UInt32 target = Bytes.Dword(stubAddress + 1) + stubAddress + 5;

        Function func = Function.FindByAddress(target);
        bool mustCreate = func == null;
        if (!mustCreate && func.Start != target)
        {
            // A function already covers the target but starts elsewhere, so the earlier analysis
            // was wrong: cut that function off just before the target and start a new one here.
            func.End = target - 1;
            mustCreate = true;
        }

        if (mustCreate)
        {
            // No function begins at the target yet: create it and look it up again.
            Function.Add(target, Bytes.BadAddress);
            func = Function.FindByAddress(target);
        }

        if (func == null)
        {
            // The message text reports that creating the function failed.
            KernelWin.WriteLine("0x{0:X} 创建函数失败!", target);
        }
        else
        {
            Bytes.MakeLabelAnyway(target, eventName);
        }
    }
}